
Guided Exercise: Red Hat Single Sign-On Installation

  • Describe the various ways to install Red Hat Single Sign-On.

Outcomes

  • Install RH-SSO from a .zip file.

  • Change the default H2 database to a PostgreSQL database.

  • Configure RH-SSO as a service that starts on boot.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start install-ways

Procedure 2.1. Instructions

  1. From workstation, log in to the sso machine as the rhsso user.

    [student@workstation ~]$ ssh rhsso@sso
    ...output omitted...
    [rhsso@sso ~]$
  2. Unpack the rh-sso-7.6.0-server-dist.zip file to the /opt directory. You can find the .zip file in the rhsso user home directory. Set the appropriate ownership on the directory.

    1. Unpack the rh-sso-7.6.0-server-dist.zip file to the /opt directory by using the unzip utility.

      [rhsso@sso ~]$ sudo unzip rh-sso-7.6.0-server-dist.zip -d /opt
      ...output omitted...
    2. Modify the user and group owner for the /opt/rh-sso-7.6 directory to rhsso.

      [rhsso@sso ~]$ sudo chown -R rhsso:rhsso /opt/rh-sso-7.6
  3. Create the EAP module for the PostgreSQL JDBC driver.

    1. Create the directory structure for the module definition.

      [rhsso@sso ~]$ mkdir -p \
        /opt/rh-sso-7.6/modules/system/layers/keycloak/org/postgresql/main
    2. Copy the PostgreSQL JDBC driver jar file to the modules directory. You can find the jar file in the rhsso user home directory.

      [rhsso@sso ~]$ cp postgresql-42.5.0.jar \
        /opt/rh-sso-7.6/modules/system/layers/keycloak/org/postgresql/main/
  4. Create and execute the sso-extensions.cli script to point to the PostgreSQL database. The PostgreSQL database runs on the sso.lab.example.com host and uses the standard TCP port 5432. The name of the database is keycloak, the user is postgres, and the password is postgres.

    1. Copy the RH-SSO extensions JBoss script to the /opt/rh-sso-7.6/bin directory. You can find the script in the rhsso user home directory.

      [rhsso@sso ~]$ cp sso-extensions.cli /opt/rh-sso-7.6/bin/
    2. Modify the /opt/rh-sso-7.6/bin/sso-extensions.cli file to point to the PostgreSQL database. You must provide the values for the DB_USERNAME, DB_PASSWORD, CONNECTION_URL, and FILE variables. The content of the file should be as follows. Note that the FILE line has been split so that it displays correctly in the PDF guide. Do not add the line break in your RH-SSO extensions JBoss script file.

      batch
      
      
      set DB_USERNAME=postgres
      set DB_PASSWORD=postgres
      set DRIVER_NAME=postgres
      set DRIVER_MODULE_NAME=org.postgres
      set XA_DATABASESOURCE_CLASS="org.postgresql.xa.PGXADataSource"
      set CONNECTION_URL="jdbc:postgresql://sso.lab.example.com:5432/keycloak"
      set FILE=/opt/rh-sso-7.6/modules/system/layers/keycloak/org/postgresql/main/postgresql-42.5.0.jar
      
      ...output omitted...
    3. Launch the sso-extensions.cli script by using the JBoss management CLI.

      [rhsso@sso ~]$ /opt/rh-sso-7.6/bin/jboss-cli.sh \
        --file=/opt/rh-sso-7.6/bin/sso-extensions.cli
      ...output omitted...
  5. Create the admin user for RH-SSO with redhat as the password. You can find the script to add administrator users in the /opt/rh-sso-7.6/bin directory.

    [rhsso@sso ~]$ /opt/rh-sso-7.6/bin/add-user-keycloak.sh -u admin -p redhat
    Added 'admin' to '/opt/rh-sso-7.6/standalone/configuration/keycloak-add-user.json', restart server to load user
  6. Configure RH-SSO as a service that starts on boot.

    1. Modify the JBoss configuration file in /opt/rh-sso-7.6/bin/init.d/jboss-eap.conf with the location of JBoss EAP, the username, the mode, and the log directory. The content of the file should be as follows:

      # General configuration for the init.d scripts,
      # not necessarily for JBoss EAP itself.
      # default location: /etc/default/jboss-eap
      
      ## Location of JDK
      # JAVA_HOME="/usr/lib/jvm/default-java"
      
      ## Location of JBoss EAP
      JBOSS_HOME="/opt/rh-sso-7.6"
      
      ## The username who should own the process.
      JBOSS_USER=rhsso
      
      ## The mode JBoss EAP should start, standalone or domain
      JBOSS_MODE=standalone
      
      ## Configuration for standalone mode
      # JBOSS_CONFIG=standalone.xml
      
      ## Configuration for domain mode
      # JBOSS_DOMAIN_CONFIG=domain.xml
      # JBOSS_HOST_CONFIG=host-master.xml
      
      ## The amount of time to wait for startup
      # STARTUP_WAIT=60
      
      ## The amount of time to wait for shutdown
      # SHUTDOWN_WAIT=60
      
      ## Location to keep the console log
      JBOSS_CONSOLE_LOG="/opt/rh-sso-7.6/standalone/log/console.log"
      
      ## Additionals args to include in startup
      JBOSS_OPTS="-b 0.0.0.0"
    2. Copy the modified service file to the /etc/default directory.

      [rhsso@sso ~]$ sudo cp /opt/rh-sso-7.6/bin/init.d/jboss-eap.conf /etc/default
    3. Copy the service startup script to the /etc/init.d directory. Give it execute permissions and reset its SELinux security context.

      [rhsso@sso ~]$ sudo cp /opt/rh-sso-7.6/bin/init.d/jboss-eap-rhel.sh /etc/init.d
      [rhsso@sso ~]$ sudo chmod +x /etc/init.d/jboss-eap-rhel.sh
      [rhsso@sso ~]$ sudo restorecon /etc/init.d/jboss-eap-rhel.sh
    4. Add the new service to the list of automatically started services. Reload systemd manager configuration.

      [rhsso@sso ~]$ sudo chkconfig --add jboss-eap-rhel.sh
      [rhsso@sso ~]$ sudo systemctl daemon-reload
    5. Start the service and enable it on boot.

      [rhsso@sso ~]$ sudo service jboss-eap-rhel start
      Redirecting to /bin/systemctl start jboss-eap-rhel.service
      [rhsso@sso ~]$ sudo chkconfig jboss-eap-rhel.sh on
  7. Check the status of the service. Check the logs to verify the JDBC connection.

    1. Verify the status of the service.

      [rhsso@sso ~]$ systemctl status jboss-eap-rhel
      jboss-eap-rhel.service - SYSV: JBoss EAP startup script
         Loaded: loaded (/etc/rc.d/init.d/jboss-eap-rhel.sh; generated)
         Active: active (running) since Wed 2022-11-16 07:23:57 EST; 29s ago
           Docs: man:systemd-sysv-generator(8)
       Main PID: 34369 (java)
      ...output omitted...
    2. Review the logs and verify the JDBC connection.

      [rhsso@sso ~]$ cat /opt/rh-sso-7.6/standalone/log/server.log
      ...output omitted...
      05:53:21,889 INFO  [org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory] (ServerService Thread Pool -- 64) Database info: {databaseUrl=jdbc:postgresql://sso.lab.example.com:5432/keycloak, databaseUser=postgres, databaseProduct=PostgreSQL 10.19, databaseDriver=PostgreSQL JDBC Driver 42.5.0}
      ...output omitted...
  8. On the workstation machine, use Firefox to navigate to the RH-SSO web UI URL at https://sso.lab.example.com:8080. Click Administration Console. Log in as the admin user with redhat as the password.

  9. Return to the workstation system as the student user.

    [rhsso@sso ~]$ exit
    [student@workstation ~]$
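
The following audit script is an added example, not part of the original exercise or of RH-SSO. It inspects the layout this procedure produces for the settings a production deployment would tighten: readable credential files, world-writable paths, a database password equal to the user name, a root service account, and a listener on all interfaces. The function names and finding labels are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit of the install layout this exercise produces.
# Function names and finding labels are assumptions, not RH-SSO tooling.

# kv KEY FILE: last value assigned to KEY ("KEY=v" or "set KEY=v"), quotes stripped.
kv() {
  sed -n "s/^[[:space:]]*\(set[[:space:]]\{1,\}\)\{0,1\}$1=//p" "$2" 2>/dev/null |
    tail -n 1 | tr -d '"'
}

# audit_rhsso HOME CONF: print one finding label per line, nothing if clean.
audit_rhsso() {
  local home="$1" conf="$2" cli="$1/bin/sso-extensions.cli" f db_user db_pass
  # Step 4 leaves the database password in the CLI script; step 5 writes
  # the admin credential to keycloak-add-user.json until the next restart.
  for f in bin/sso-extensions.cli standalone/configuration/keycloak-add-user.json; do
    [ -e "$home/$f" ] || continue
    if [ -n "$(find "$home/$f" -prune -perm -0004)" ]; then
      echo "WORLD_READABLE_SECRET $f"
    fi
  done
  # Any path under the install tree that every local user can write to.
  if [ -n "$(find "$home" ! -type l -perm -0002 | head -n 1)" ]; then
    echo "WORLD_WRITABLE_PATH"
  fi
  # A database password identical to the account name is trivially guessable.
  db_user=$(kv DB_USERNAME "$cli")
  db_pass=$(kv DB_PASSWORD "$cli")
  if [ -n "$db_pass" ] && [ "$db_pass" = "$db_user" ]; then
    echo "DB_PASSWORD_EQUALS_USERNAME"
  fi
  # The conf file is parsed, not sourced, so auditing it never executes it.
  if [ "$(kv JBOSS_USER "$conf")" = "root" ]; then
    echo "SERVICE_USER_ROOT"
  fi
  # -b 0.0.0.0 binds the public interface to every network address.
  case "$(kv JBOSS_OPTS "$conf")" in
    *"-b 0.0.0.0"* | *"-b=0.0.0.0"*) echo "BIND_ALL_INTERFACES" ;;
  esac
}

# Run against real paths when called with two arguments, for example:
#   ./audit.sh /opt/rh-sso-7.6 /etc/default/jboss-eap.conf
if [ "$#" -eq 2 ]; then
  audit_rhsso "$1" "$2"
fi
```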

Finish

On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish install-ways

This concludes the section.

Revision: do313-7.6-bc10333